ietf-asrg

Re: ADV: (was Re: [Asrg] Article - New anti-spam proposal in the House of Representative)

2003-05-26 21:26:44
From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>

I think you are mistaken.
  - I've seen users talk about using whitelisting with Hotmail
  - I think I've been told that Outlook can do something like whitelisting
  - Netscape 7's filters can be used to whitelist.

If that is the case--why are they getting spam?

(Note that I was responding to your statement that whitelisting is
not available.)

My guess is two reasons:
  - Most people want to receive mail from strangers.  They value
   the ability to hear from lost uncles more than they dislike spam.

  - Most people don't think of the notion of whitelisting everyone
   but a few friends.  When it's pointed out to them, they can
   understand whitelisting a sender that would otherwise be filtered.
   But they don't "get" the notion of going to 100% whitelisting.

That second reason is not theoretical, as demonstrated by the many
people who propose here and everywhere perfect spam solutions that
are equivalent to 100% whitelisting.


...
I believe Habeas's claim that most of the Internet has already
white-listed the Habeas mark.  So why aren't more spammers forging it?

What does "most of the internet" mean?  AOL, MSN and Earthlink have 
decided to let Habeas mail through for their users?  I could believe 
that.  

Habeas claims 300,000,000 mailboxes have whitelisted their mark. 
I suspect that includes some of AOL, MSN, Earthlink, Outblaze, Juno,
and the default configurations for many spam filters.

       But that has nothing to do with whitelisting email addresses 
and lists.

It's not the same as whitelisting addresses and lists, but it is
relevant to the question of spammers forging addresses to use whitelists.
If spammers are fearless about forgery, why doesn't even some spam
include the Habeas mark?  (Yes, I noticed the recent court cases,
which is why I used the present tense.)


And why don't you see forged spam supposedly from CERT or the IETF?

Because 99% of the users out there haven't a clue what they are, and 
certainly haven't whitelisted them.

I think you're talking about ISP whitelisting.  I'm talking about 
end-user whitelisting.  Those are two completely different things.

They differ but are related.  A lot of ISP whitelisting consists of
suggestions or default configurations for users' individual whitelists.


 > In some respects, the (semi-articulated) proposal from the
 bulk-mailing folks appears to be an attempt to provide a similar
 identification mechanism for non-list, bulk mail.

What is "non-list, bulk mail"?  As far as I can see, the bulk mail

The stuff companies like Roving send for their customers, and large 
companies like Amazon send for themselves.  Am I really being that 
unclear?  I give up.

Distinguishing between the bulk mail of this list and the stuff Roving
sends is counter-productive.  The contents of bulk mail really don't
matter, and neither do the software used to send it or the motives of
the senders.  All that matters is whether a reasonable person (in the
legal sense of the phrase) would say the mail is solicited by all of
its targets.  Why wouldn't or shouldn't Roving include List-ID headers
for its various streams?  What's the difference between white-
or blacklisting Roving's domains or IETF's servers?

Once you start paying attention to contents, you end up with hopeless
muddles such as "ADV is required on commercial mail" with no hope
of deciding whether a lot of mail is "commercial."


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg